From 099c3d532736d5836d0d5d3236cd1e502897076c Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 3 Oct 2005 23:46:21 +0000
Subject: r10697: Change the torture join code to return a credentials structure, as that is what most of the callers want anyway. Remove and re-add the account for the torture case, rather than just modify it. Test with a user account (needs work to change the password). Andrew Bartlett (This used to be commit 38bebef02454164cbe882347d80e03abee656205)
---
 source4/torture/nbt/dgram.c | 4 ++--
 source4/torture/rpc/join.c | 10 ++++----
 source4/torture/rpc/netlogon.c | 5 +++-
 source4/torture/rpc/samlogon.c | 37 ++++++++++--------------------
 source4/torture/rpc/schannel.c | 22 +-----------------
 source4/torture/rpc/testjoin.c | 52 ++++++++++++++++++++++++++++++++++++++----
 6 files changed, 71 insertions(+), 59 deletions(-)
(limited to 'source4/torture')
diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c
index b3249524ca..ded2b49ea8 100644
--- a/source4/torture/nbt/dgram.c
+++ b/source4/torture/nbt/dgram.c
@@ -214,11 +214,11 @@ static BOOL nbt_test_ntlogon(TALLOC_CTX *mem_ctx,
 struct timeval tv = timeval_current();
 int replies = 0;
 struct test_join *join_ctx;
- const char *password;
+ struct cli_credentials *machine_credentials;
 const char *dom_sid;
 join_ctx = torture_join_domain(TEST_NAME,
- ACB_WSTRUST, &password);
+ ACB_WSTRUST, &machine_credentials);
 if (join_ctx == NULL) {
 printf("Failed to join domain %s as %s\n", lp_workgroup(), TEST_NAME);
 talloc_free(dgmsock);
diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c
index beb313c3d2..7aed76abf4 100644
--- a/source4/torture/rpc/join.c
+++ b/source4/torture/rpc/join.c
@@ -9,12 +9,12 @@ BOOL torture_rpc_join(void)
 {
 struct test_join *tj;
- const char *machine_password;
+ struct cli_credentials *machine_account;
 /* Join domain as a member server. */
 tj = torture_join_domain(TORTURE_NETBIOS_NAME, ACB_WSTRUST,
- &machine_password);
+ &machine_account);
 if (!tj) {
 DEBUG(0, ("%s failed to join domain\n",
@@ -28,10 +28,10 @@ BOOL torture_rpc_join(void)
 /* Join domain as a domain controller. */
 tj = torture_join_domain(TORTURE_NETBIOS_NAME, ACB_SVRTRUST,
- &machine_password);
+ &machine_account);
 if (!tj) {
- DEBUG(0, ("%s failed to join domain %s.\n",
- TORTURE_NETBIOS_NAME, lp_workgroup()));
+ DEBUG(0, ("%s failed to join domain\n",
+ TORTURE_NETBIOS_NAME));
 return False;
 }
diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c
index 966a0f2e5b..185a032b3c 100644
--- a/source4/torture/rpc/netlogon.c
+++ b/source4/torture/rpc/netlogon.c
@@ -1358,17 +1358,20 @@ BOOL torture_rpc_netlogon(void)
 TALLOC_CTX *mem_ctx;
 BOOL ret = True;
 struct test_join *join_ctx;
+ struct cli_credentials *machine_credentials;
 mem_ctx = talloc_init("torture_rpc_netlogon");
 join_ctx = torture_join_domain(TEST_MACHINE_NAME, ACB_SVRTRUST,
- &machine_password);
+ &machine_credentials);
 if (!join_ctx) {
 talloc_free(mem_ctx);
 printf("Failed to join as BDC\n");
 return False;
 }
+ machine_password = cli_credentials_get_password(machine_credentials);
+
 status = torture_rpc_connection(mem_ctx, &p, DCERPC_NETLOGON_NAME, DCERPC_NETLOGON_UUID,
diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c
index ef0ccd9037..00b3c56408 100644
--- a/source4/torture/rpc/samlogon.c
+++ b/source4/torture/rpc/samlogon.c
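Review bot: In the netlogon.c hunk, `machine_password` is filled from `cli_credentials_get_password(machine_credentials)` with no NULL check and no comment on how long the string stays valid. torture_join_domain() creates the credentials with `cli_credentials_init(tj)`, so the password presumably belongs to the join context; `machine_password` is not declared in this hunk, and if it has file scope it will outlive `torture_leave_domain(join_ctx)`. I would add `/* machine_password points into machine_credentials; valid only until torture_leave_domain(join_ctx) */` above the assignment and stop the test when the getter returns NULL. The body of torture_rpc_netlogon continues outside the hunk.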
@@ -1379,13 +1379,11 @@ BOOL torture_rpc_samlogon(void)
 TALLOC_CTX *mem_ctx = talloc_init("torture_rpc_netlogon");
 BOOL ret = True;
 struct test_join *join_ctx;
-#if 0
 struct test_join *user_ctx;
 const char *user_password;
-#endif
 char *test_machine_account;
- const char *machine_password;
 const char *binding = lp_parm_string(-1, "torture", "binding");
+ const char *userdomain;
 int i;
 int ci;
@@ -1399,21 +1397,24 @@ BOOL torture_rpc_samlogon(void)
 struct creds_CredentialState *creds;
- machine_credentials = cli_credentials_init(mem_ctx);
-
 test_machine_account = talloc_asprintf(mem_ctx, "%s$", TEST_MACHINE_NAME);
 /* We only need to join as a workstation here, and in future,
 * if we wish to test against trusted domains, we must be a
 * workstation here */
- join_ctx = torture_create_testuser(test_machine_account, lp_workgroup(), ACB_WSTRUST,
- &machine_password);
+ join_ctx = torture_join_domain(TEST_MACHINE_NAME, ACB_WSTRUST,
+ &machine_credentials);
 if (!join_ctx) {
 printf("Failed to join as Workstation\n");
 return False;
 }
-#if 0
+
+ userdomain = lp_parm_string(-1, "torture", "userdomain");
+ if (!userdomain) {
+ userdomain = lp_workgroup();
+ }
+
 user_ctx = torture_create_testuser(TEST_USER_NAME,
- lp_parm_string(-1, "torture", "userdomain"),
+ userdomain,
 ACB_NORMAL, &user_password);
 if (!user_ctx) {
@@ -1421,8 +1422,6 @@ BOOL torture_rpc_samlogon(void)
 return False;
 }
-#endif
-
 status = dcerpc_parse_binding(mem_ctx, binding, &b);
 if (!NT_STATUS_IS_OK(status)) {
 printf("Bad binding string %s\n", binding);
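Review bot: In the samlogon.c hunk at -1399, the newly enabled `if (!user_ctx)` branch returns `False` (the `return` shows up as context of the following hunk) after torture_join_domain() has already succeeded, so the test machine account is left on the server and `mem_ctx` is never freed. Adding `torture_leave_domain(join_ctx);` and `talloc_free(mem_ctx);` before that return would close both gaps. The earlier `if (!join_ctx)` return also skips `talloc_free(mem_ctx)`, unlike the same check in netlogon.c. The rest of torture_rpc_samlogon lies outside the hunk.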
@@ -1436,14 +1435,6 @@ BOOL torture_rpc_samlogon(void)
 b->flags &= ~DCERPC_AUTH_OPTIONS;
 b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
- cli_credentials_set_workstation(machine_credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
- cli_credentials_set_domain(machine_credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_realm(machine_credentials, lp_realm(), CRED_SPECIFIED);
- cli_credentials_set_username(machine_credentials, test_machine_account, CRED_SPECIFIED);
- cli_credentials_set_password(machine_credentials, machine_password, CRED_SPECIFIED);
- cli_credentials_set_secure_channel_type(machine_credentials,
- SEC_CHAN_WKSTA);
-
 status = dcerpc_pipe_connect_b(mem_ctx, &p, b, DCERPC_NETLOGON_UUID, DCERPC_NETLOGON_VERSION,
@@ -1551,9 +1542,8 @@ BOOL torture_rpc_samlogon(void)
 NT_STATUS_NO_SUCH_USER,
 NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
 },
-#if 0
 {
- lp_parm_string(-1, "torture", "userdomain"),
+ userdomain,
 TEST_USER_NAME,
 user_password,
 True,
@@ -1576,13 +1566,12 @@ BOOL torture_rpc_samlogon(void)
 talloc_asprintf(mem_ctx, "%s@%s", TEST_USER_NAME,
- lp_parm_string(-1, "torture", "userdomain")),
+ userdomain),
 user_password,
 False,
 NT_STATUS_OK,
 NT_STATUS_OK
 }
-#endif
 };
 /* Try all the tests for different username forms */
@@ -1640,8 +1629,6 @@ failed:
 talloc_free(mem_ctx);
 torture_leave_domain(join_ctx);
-#if 0
 torture_leave_domain(user_ctx);
-#endif
 return ret;
 }
diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c
index 90f5fb0361..d73dae08b4 100644
--- a/source4/torture/rpc/schannel.c
+++ b/source4/torture/rpc/schannel.c
@@ -147,7 +147,6 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
 uint32_t schannel_type)
 {
 void *join_ctx;
- const char *machine_password;
 NTSTATUS status;
 const char *binding = lp_parm_string(-1, "torture", "binding");
 struct dcerpc_binding *b;
@@ -157,10 +156,9 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
 struct cli_credentials *credentials;
 TALLOC_CTX *test_ctx = talloc_named(mem_ctx, 0, "test_schannel context");
- char *test_machine_account = talloc_asprintf(NULL, "%s$", TEST_MACHINE_NAME);
 join_ctx = torture_join_domain(TEST_MACHINE_NAME,
- acct_flags, &machine_password);
+ acct_flags, &credentials);
 if (!join_ctx) {
 printf("Failed to join domain with acct_flags=0x%x\n", acct_flags);
 talloc_free(test_ctx);
@@ -176,24 +174,6 @@ static BOOL test_schannel(TALLOC_CTX *mem_ctx,
 b->flags &= ~DCERPC_AUTH_OPTIONS;
 b->flags |= dcerpc_flags;
- credentials = cli_credentials_init(mem_ctx);
- cli_credentials_set_conf(credentials);
-
- cli_credentials_set_domain(credentials, lp_workgroup(), CRED_SPECIFIED);
- cli_credentials_set_workstation(credentials, TEST_MACHINE_NAME, CRED_SPECIFIED);
- cli_credentials_set_username(credentials, test_machine_account, CRED_SPECIFIED);
- cli_credentials_set_password(credentials, machine_password, CRED_SPECIFIED);
-
- if (acct_flags == ACB_WSTRUST) {
- cli_credentials_set_secure_channel_type(credentials,
- SEC_CHAN_WKSTA);
- } else if (acct_flags == ACB_SVRTRUST) {
- cli_credentials_set_secure_channel_type(credentials,
- SEC_CHAN_BDC);
- } else {
- goto failed;
- }
-
 status = dcerpc_pipe_connect_b(test_ctx, &p, b, DCERPC_SAMR_UUID,
diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c
index 7c62353f53..cfb34ad8ad 100644
--- a/source4/torture/rpc/testjoin.c
+++ b/source4/torture/rpc/testjoin.c
@@ -278,7 +278,7 @@ failed:
 struct test_join *torture_join_domain(const char *machine_name, uint32_t acct_flags,
- const char **machine_password)
+ struct cli_credentials **machine_credentials)
 {
 NTSTATUS status;
 struct libnet_context *libnet_ctx;
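Review bot: The new `machine_credentials` out-parameter of torture_join_domain() in testjoin.c (hunk at -278) has no comment saying who owns the result. A later hunk allocates it with `cli_credentials_init(tj)`, so it is a talloc child of the returned join context, and the `return NULL` path in the -319 hunk runs before it is assigned. I would document this above the function: `/* On success *machine_credentials is a talloc child of the returned test_join; it is not valid on failure and must not be used after the join context is freed. */`. The function body continues outside this hunk.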
@@ -308,6 +308,9 @@ struct test_join *torture_join_domain(const char *machine_name,
 libnet_ctx->cred = cmdline_credentials;
 libnet_r->in.binding = lp_parm_string(-1, "torture", "binding");
+ if (!libnet_r->in.binding) {
+ libnet_r->in.binding = talloc_asprintf(libnet_r, "ncacn_np:%s", lp_parm_string(-1, "torture", "host"));
+ }
 libnet_r->in.level = LIBNET_JOINDOMAIN_SPECIFIED;
 libnet_r->in.netbios_name = machine_name;
 libnet_r->in.account_name = talloc_asprintf(libnet_r, "%s$", machine_name);
@@ -319,15 +322,33 @@ struct test_join *torture_join_domain(const char *machine_name,
 libnet_r->in.acct_type = acct_flags;
 status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ struct samr_DeleteUser d;
+ d.in.user_handle = &libnet_r->out.user_handle;
+ d.out.user_handle = &libnet_r->out.user_handle;
+
+ /* Delete machine account */
+ status = dcerpc_samr_DeleteUser(libnet_r->out.samr_pipe, tj, &d);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("Delete of machine account failed\n");
+ } else {
+ printf("Delete of machine account was successful.\n");
+ }
+ status = libnet_JoinDomain(libnet_ctx, libnet_r, libnet_r);
+ }
+
 if (!NT_STATUS_IS_OK(status)) {
- DEBUG(0, ("Domain join failed - %s.\n", nt_errstr(status)));
+ if (libnet_r->out.error_string) {
+ DEBUG(0, ("Domain join failed - %s.\n", libnet_r->out.error_string));
+ } else {
+ DEBUG(0, ("Domain join failed - %s.\n", nt_errstr(status)));
+ }
 talloc_free(tj);
 return NULL;
 }
 tj->p = libnet_r->out.samr_pipe;
 tj->user_handle = *libnet_r->out.user_handle;
 tj->dom_sid = dom_sid_string(tj, libnet_r->out.domain_sid);
- *machine_password = libnet_r->out.join_password;
 ZERO_STRUCT(u);
 s.in.user_handle = &tj->user_handle;
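Review bot: In the -308 hunk of testjoin.c, the fallback passes `lp_parm_string(-1, "torture", "host")` straight to a `%s` conversion, and the samlogon.c change in this same commit checks `userdomain` for NULL after the same kind of call, so a NULL result is possible. With neither torture:binding nor torture:host configured, a NULL pointer reaches `talloc_asprintf()`, and the result of `talloc_asprintf()` is not checked either. I would read the host into a local first and fail early, e.g. `if (!host) { talloc_free(tj); return NULL; }`, which mirrors the failure path used after the join; whether `tj` is already allocated at this point is not visible in the hunk. The function body starts and ends outside the hunk.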
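Review bot: In the -319 hunk of testjoin.c, the retry path takes `&libnet_r->out.user_handle` for the DeleteUser handles, while the success path a few lines below dereferences the same field as `*libnet_r->out.user_handle`. If the field is a pointer, as that dereference implies, the delete call receives a pointer-to-pointer and should use `d.in.user_handle = libnet_r->out.user_handle;` (likewise for `d.out.user_handle`). The block also relies on `out.samr_pipe` and `out.user_handle` being valid after libnet_JoinDomain() returned NT_STATUS_USER_EXISTS, which is not shown here and deserves a comment or a NULL check. When the delete fails the join is retried anyway, so skipping the retry in that case would give a clearer error.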
@@ -358,6 +379,27 @@ struct test_join *torture_join_domain(const char *machine_name,
 libnet_r->out.domain_name, tj->dom_sid));
+ *machine_credentials = cli_credentials_init(tj);
+ cli_credentials_set_conf(*machine_credentials);
+ cli_credentials_set_workstation(*machine_credentials, machine_name, CRED_SPECIFIED);
+ cli_credentials_set_domain(*machine_credentials, libnet_r->out.domain_name, CRED_SPECIFIED);
+ if (libnet_r->out.realm) {
+ cli_credentials_set_realm(*machine_credentials, libnet_r->out.realm, CRED_SPECIFIED);
+ }
+ cli_credentials_set_username(*machine_credentials, libnet_r->in.account_name, CRED_SPECIFIED);
+ cli_credentials_set_password(*machine_credentials, libnet_r->out.join_password, CRED_SPECIFIED);
+ if (acct_flags & ACB_SVRTRUST) {
+ cli_credentials_set_secure_channel_type(*machine_credentials,
+ SEC_CHAN_BDC);
+ } else if (acct_flags & ACB_WSTRUST) {
+ cli_credentials_set_secure_channel_type(*machine_credentials,
+ SEC_CHAN_WKSTA);
+ } else {
+ DEBUG(0, ("Invalid account type specificed to torture_join_domain\n"));
+ talloc_free(*machine_credentials);
+ return NULL;
+ }
+
 return tj;
 }
@@ -480,7 +522,7 @@ struct test_join_ads_dc {
 struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name, const char *domain,
- const char **machine_password)
+ struct cli_credentials **machine_credentials)
 {
 struct test_join_ads_dc *join;
@@ -491,7 +533,7 @@ struct test_join_ads_dc *torture_join_domain_ads_dc(const char *machine_name,
 join->join = torture_join_domain(machine_name, ACB_SVRTRUST,
- machine_password);
+ machine_credentials);
 if (!join->join) {
 return NULL;
-- cgit
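Review bot: In the -358 hunk of testjoin.c, the `else` branch for an unsupported `acct_flags` frees `*machine_credentials` and returns NULL, but by then the domain join has succeeded: `tj` is not released, the machine account stays on the server, and the caller's pointer is left dangling. Checking `acct_flags` before calling libnet_JoinDomain() would avoid this; failing that, the branch should undo the join with `torture_leave_domain(tj); *machine_credentials = NULL; return NULL;` (assuming torture_leave_domain() releases the join context, which is not shown here). The return value of `cli_credentials_init(tj)` is also used unchecked. The bit tests `acct_flags & ACB_SVRTRUST` replace the exact comparisons removed from schannel.c, so a value with both bits set is now treated as a BDC.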